Enable SSO Login
sfvishalgupta committed May 8, 2024
1 parent 03b8d8f commit badca42
Showing 3 changed files with 63 additions and 0 deletions.
6 changes: 6 additions & 0 deletions docker/.env
@@ -51,3 +51,9 @@ SUPERSET_LOAD_EXAMPLES=yes
CYPRESS_CONFIG=false
SUPERSET_PORT=8088
MAPBOX_API_KEY=''

OKTA_BASE_URL=https://dev-82570728.okta.com
OKTA_CLIENT_ID=0oagx182a4d0NvwF15d7
OKTA_CLIENT_SECRET=7MVtdGmr2zNNAprS8TVqqcmSafKQj3adTSWNSdTKTDAxT9mUwwg0JHjK-wnw1fUB

SSO_USER_REGISTRATION_ROLE=Admin
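Review bot: The added `OKTA_CLIENT_SECRET=` line puts what looks like a real OAuth client secret, next to its tenant URL and client ID, into a tracked file, so the value should be treated as disclosed: rotate it in Okta and keep only an empty placeholder (`OKTA_CLIENT_SECRET=`) here, with the real value supplied from an untracked env file or a secret store. The last added line, `SSO_USER_REGISTRATION_ROLE=Admin`, feeds `AUTH_USER_REGISTRATION_ROLE` in docker/pythonpath_dev/superset_config.py, where `AUTH_USER_REGISTRATION = True` is also set, so every identity the Okta app lets through is created as a Superset Admin on first login. A low-privilege default such as `SSO_USER_REGISTRATION_ROLE=Gamma`, with promotion done explicitly, limits that.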
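--- a/docker/custom_sso_security_manager.py
+++ b/docker/custom_sso_security_manager.py
@@ -0,0 +1,25 @@
+import os
+from superset.security import SupersetSecurityManager
+
+class CustomSsoSecurityManager(SupersetSecurityManager):
+"""
+The CustomSsoSecurityManager class extends the SupersetSecurityManager class.
+"""
+def oauth_user_info(self, provider, response=None):
+if provider == 'okta':
+user_info = response.get("userinfo")
+me = self.appbuilder.sm.oauth_remotes[provider].parse_id_token(
+response, user_info["nonce"])
+first_name, last_name = me["name"].split(" ", 1)
+return {
+'name': me['name'],
+'email': me['email'],
+'id': me['email'],
+'username': me['email'],
+'first_name': first_name,
+'last_name': last_name,
+}
+
+def sync_roles(self):
+self.add_role(os.getenv("SSO_USER_REGISTRATION_ROLE"))
+return super().sync_roles()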
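Review bot: `first_name, last_name = me["name"].split(" ", 1)` in `oauth_user_info` raises ValueError when the ID token's `name` claim contains no space, so a user with a single-word display name cannot log in; `first_name, _, last_name = me["name"].partition(" ")` handles both shapes. The method also calls `response.get` although `response` defaults to None, and it returns None implicitly for any provider other than 'okta', where falling back to the base manager's handling would be the safer behaviour. In `sync_roles`, the result of `os.getenv("SSO_USER_REGISTRATION_ROLE")` is passed to `add_role` unchecked, so an unset variable hands it None. The class docstring only restates the class name; it should say that `id` and `username` are both taken from the e-mail claim, since that decides how Okta identities map to Superset accounts.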
32 changes: 32 additions & 0 deletions docker/pythonpath_dev/superset_config.py
@@ -25,6 +25,9 @@

from celery.schedules import crontab
from flask_caching.backends.filesystemcache import FileSystemCache
from flask_appbuilder.security.manager import AUTH_OAUTH
from custom_sso_security_manager import CustomSsoSecurityManager


logger = logging.getLogger()

@@ -113,3 +116,32 @@ class CeleryConfig:
)
except ImportError:
logger.info("Using default Docker config...")


AUTH_TYPE = AUTH_OAUTH
CUSTOM_SECURITY_MANAGER = CustomSsoSecurityManager

AUTH_USER_REGISTRATION = True
AUTH_USER_REGISTRATION_ROLE = os.getenv("SSO_USER_REGISTRATION_ROLE")
AUTH_ROLE_ADMIN = "Admin"

OKTA_BASE_URL = os.getenv("OKTA_BASE_URL")
OAUTH_PROVIDERS = [
{
"name": "okta",
"token_key": "access_token",
"icon": "fa-circle-o",
"remote_app": {
"client_id": os.getenv("OKTA_CLIENT_ID"),
"client_secret": os.getenv("OKTA_CLIENT_SECRET"),
"client_kwargs": {"scope": "openid profile email"},
"access_token_method": "POST",
"api_base_url": f"{OKTA_BASE_URL}/oauth2/v1/",
"access_token_url": f"{OKTA_BASE_URL}/oauth2/v1/token",
"authorize_url": f"{OKTA_BASE_URL}/oauth2/v1/authorize",
"server_metadata_url": f"{OKTA_BASE_URL}/.well-known/openid-configuration",
'request_token_url': None,
},
},
]
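Review bot: In the second hunk every Okta setting is read with `os.getenv` and no default, so when the variables are absent `OKTA_BASE_URL` is None and the f-strings produce endpoints such as `None/oauth2/v1/token`, while `client_id`, `client_secret` and `AUTH_USER_REGISTRATION_ROLE` silently become None and the failure surfaces only at login time. Reading the required values with `os.environ["OKTA_BASE_URL"]` (and likewise for the client id and secret) makes a misconfigured deployment fail at start-up instead. The block is appended after the `except ImportError:` fallback shown as context, which appears to be the local-override import, so these assignments would take precedence over a local override and switch every user of this config to OAuth; guarding the block on the Okta variables being set would keep the previous default available. `AUTH_USER_REGISTRATION_ROLE` would be safer as `os.getenv("SSO_USER_REGISTRATION_ROLE", "Gamma")` so that a missing variable never widens access.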
